PatchSiren cyber security CVE debrief
CVE-2024-44987 Siemens CVE debrief
A use-after-free (UAF) in the Linux kernel's IPv6 networking stack, in the ip6_send_skb() function, affects Siemens industrial networking products that ship an affected kernel. The bug is fixed in the upstream Linux kernel. Per the CVSS vector, exploitation requires local access with low privileges and is scored as denial of service only (no confidentiality or integrity impact).
- Vendor: Siemens
- Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
- CVSS: 5.5 (MEDIUM)
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-09-04
- Original CVE updated: 2026-05-14
- Advisory published: 2024-04-09
- Advisory updated: 2026-05-14
Who should care
Organizations operating Siemens industrial networking infrastructure, particularly critical-infrastructure and manufacturing environments running RUGGEDCOM or SCALANCE switches. Teams responsible for OT/ICS network segmentation and firmware patch management should prioritize assessment.
Technical summary
CVE-2024-44987 is a use-after-free in the Linux kernel's IPv6 implementation, in the ip6_send_skb() function. The fix has been merged upstream. Siemens industrial networking products that ship an affected kernel are impacted, including RUGGEDCOM RST2428P (6GK6242-6PA00), the SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family and the SCALANCE XCM-/XRM-/XCH-/XRH-300 family. The CVSS 3.1 base score of 5.5 (MEDIUM) reflects a local attack vector (AV:L) with low privileges required (PR:L), no confidentiality or integrity impact and high availability impact (A:H). In practice this means an attacker must already be able to run code on the device, for example through a management shell or another existing foothold, rather than merely reach it over the network; successful exploitation results in a denial of service on the affected device.
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided firmware updates to V3.2 or later for RUGGEDCOM RST2428P and SCALANCE XCM-/XRM-/XCH-/XRH-300 family devices
- For SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family, consult Siemens ProductCERT advisory SSA-355557 for specific configuration guidance and update availability
- Restrict who can log in to or run code on affected devices: segment management interfaces and limit local and management accounts, since the attack vector is local
- Monitor for anomalous IPv6 traffic on OT segments, but note that network monitoring alone will not reliably detect exploitation of a local vulnerability; the stronger indicators are unexpected local or management logins to affected devices and unexplained reboots or hangs
- Review and apply CISA ICS recommended practices for defense-in-depth strategies
Evidence notes
The vulnerability description states that the use-after-free in ip6_send_skb() has been resolved upstream. Siemens ProductCERT advisory SSA-355557 (referenced via CISA ICSA-25-226-07) identifies affected products and remediation paths. The CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H confirms a local attack vector with availability impact only, and evaluates to the 5.5 base score quoted above.
Official resources
- CVE-2024-44987 CVE record (CVE.org)
- CVE-2024-44987 NVD detail (NVD)
- Source item: cisa_csaf